Page Index Toggle Pages: 1 [2] 3 
Topic Tools
Very Hot Topic (More than 25 Replies) Error Log Corrputed (Read 9,141 times)
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,933
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Error Log Corrputed
Reply #15 - Nov 6th, 2012 at 1:55pm
Post Tools
It isn't that the error log is 'corrupted' (as in caused by a system or software fault), the problem is that it contains data in non-latinate characters that are embedded in the URLS, strings and/or usernames it recorded. 營t's actually a sign YaBB is working correctly.

BTW - I know some of those exact SPAM URL's/injections in your log.

There is no danger, its just inconvenient.

You can repair it with a 'programmers' editor Like Crimson or Notepad++ and re-upload.

Good Luck
Cool

A pox on spammers.  Lips Sealed
« Last Edit: Nov 6th, 2012 at 1:57pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Jkulin
Junior Member
**
Offline



Posts: 59
Location: Staffs. UK
Re: Error Log Corrputed
Reply #16 - Nov 6th, 2012 at 1:58pm
Post Tools
Thanks Jon, xnoddyx has been working on it this morning to help me get upgraded to 2.5.2 so hopefully all sorted.

You know what? This software and the people behind are brilliant! Cool Grin
  
Back to top
 
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,591
Location: UK:Scotland/livingston

None
Re: Error Log Corrputed
Reply #17 - Nov 6th, 2012 at 3:14pm
Post Tools
Jkulin wrote on Nov 6th, 2012 at 1:58pm:
Thanks Jon, xnoddyx has been working on it this morning to help me get upgraded to 2.5.2 so hopefully all sorted.

You know what? This software and the people behind are brilliant! Cool Grin

Thank you and we are here to help  Wink

upgrade to YaBB 2.5.2 completed and testing good  Smiley
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Jkulin
Junior Member
**
Offline



Posts: 59
Location: Staffs. UK
Re: Error Log Corrputed
Reply #18 - Nov 6th, 2012 at 3:18pm
Post Tools
Thank-you so much for all your help:-)
  
Back to top
 
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,591
Location: UK:Scotland/livingston

None
Re: Error Log Corrputed
Reply #19 - Nov 6th, 2012 at 3:27pm
Post Tools
it's cool and hope you dont have any more Error Log probs  Wink
and any more and if you have any questions or need any more help please don't hesitate to post back  Smiley i love to see happy YaBB users  Grin
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Jkulin
Junior Member
**
Offline



Posts: 59
Location: Staffs. UK
Re: Error Log Corrputed
Reply #20 - Nov 10th, 2012 at 9:34am
Post Tools
Hi All,

Sorry to report but the error log has become corrupt again.

It seems like every time it is when someone tried to register with an extremely long url?

Any idea how we can prevent this in future?

Many Thanks.
  
Back to top
 
IP Logged
 
malmklang2
Jr. Developer
Language Team
***
Offline



Posts: 257
Location: Norway

None
Re: Error Log Corrputed
Reply #21 - Nov 10th, 2012 at 10:13am
Post Tools
I could've sworn I saw some string length messages when I was translating... guess it must've been for something else...

The way to stop this from happening is to do a check for maxlenght of screen name and username, have it defined to say, max 30 or something. And have this check done before most of the other checks, at least on the server side (perl). And, finally, not log this,at least not with the string that's too long, or else it's the same story all over again... I had a quick look through Register.pl and couldn't see any such checks, but I might have missed them.

Anyways, this could be a small mod, for those that need it yesterday, a future feature for those that don't Tongue
  

if ($human) {die("Sorry, you lot have destroyed too much already")}
Back to top
IP Logged
 
Jkulin
Junior Member
**
Offline



Posts: 59
Location: Staffs. UK
Re: Error Log Corrputed
Reply #22 - Nov 10th, 2012 at 10:29am
Post Tools
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,685
Location: Los Angeles

YaBB 2.5
Re: Error Log Corrputed
Reply #23 - Nov 10th, 2012 at 5:27pm
Post Tools
malmklang2 wrote on Nov 10th, 2012 at 10:13am:
The way to stop this from happening is to do a check for maxlenght of screen name and username, have it defined to say, max 30 or something.

If you find out where this is, if it exists, please let us know. The extra, extra long usernames seem to be the latest spam-bot tool, and it's corrupting our error log more regularly now.

Easy to fix, but it's an irritation nonetheless.

« Last Edit: Nov 10th, 2012 at 5:28pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,399
Location: Earth

YaBB 2.6.1
Re: Error Log Corrputed
Reply #24 - Nov 10th, 2012 at 5:41pm
Post Tools
Actually, in this case what it looks like (without know exactly which registration method is in use) - someone attempted to register using a super-long bad string - but the bad characters where stripped out in creating the .pre file (we've seen this happen before.) The registrant got a confirmation notice and attempted to finish the process - only the filename being checked against doesn't exist - it has bad stuff in it. I'll check later to see if all the registration fields have character limits on them - they should.
Edited:
Actually, they may be attempting to log in using the super bad string - it would have the same results. The login fields should have the same limits as the registration fields.


More: the log in script has only one spot where there isn't a maxlength set - and that's on the password reset which is supposed to only check against .vars - and the error is looking for a .pre

Somehow this spammer is getting around the maxlength settings. Check your Referrer settings (that list of files that can be accessed outside your domain - make sure that both the registration and login scripts can only be accessed through your domain - At a wild guess, it's possible someone has a login script outside your domain and they're using that to try to get it.)
« Last Edit: Nov 10th, 2012 at 6:05pm by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,591
Location: UK:Scotland/livingston

None
Re: Error Log Corrputed
Reply #25 - Nov 10th, 2012 at 5:42pm
Post Tools
Bill Myers wrote on Nov 10th, 2012 at 5:27pm:
If you find out where this is, if it exists, please let us know. The extra, extra long usernames seem to be the latest spam-bot tool, and it's corrupting our error log more regularly now.Easy to fix, but it's an irritation nonetheless.

from what i can tell it is a new XRumer i have posted it for the Development Team
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,685
Location: Los Angeles

YaBB 2.5
Re: Error Log Corrputed
Reply #26 - Nov 10th, 2012 at 6:00pm
Post Tools
xnoddyx wrote on Nov 10th, 2012 at 5:42pm:
from what i can tell it is a new XRumer i have posted it for the Development Team

It seems that you're correct. If it's not one thing, it's another. Roll Eyes

On that note, your instructions here regarding The Guardian have been very helpful. Smiley

« Last Edit: Nov 10th, 2012 at 6:07pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,399
Location: Earth

YaBB 2.6.1
Re: Error Log Corrputed
Reply #27 - Nov 10th, 2012 at 9:36pm
Post Tools
I had a minute to do some testing - and have come to the conclusion that the problem is not with YaBB 2.5AE or 2.5.2 itself.

Trying to register with that string through the registration form yielded these errors:
Code
Select All
 	Today at 1:12pm 	Guest
(127.0.0.1) 	There is an invalid character detected in the User ID field. Valid Characters are Letters, Numbers, Spaces and ( [ ] # % + , -

http://localhost/testbed/cgi-bin/yabb252/YaBB.pl?board=&action= . : = ? @ ^ _ )&num=register2
 	Today at 1:14pm 	`:http://www.http://www.bagcheapjpsale.com/ ` ` ` `` ` ` " ` ` ` `` ` ` " コーチバッグ コーチアウ,
(127.0.0.1) 	There is an invalid character detected in the Username, Displayed Name or e-mail address field!

http://localhost/testbed/cgi-bin/yabb252/YaBB.pl?board=&action=login2
 



Therefore, (I'm pretty sure) someone is spoofing the registration and/or login form. Turning on the Referrer Security in Admin Center -> Security Settings should stop this.
Also go to Referrer security and make sure that the login and register scripts are unchecked. You should also ban the IP where the error is coming from.  (There may be other settings, but I know that when I keep Referrer Security turned on, I don't see things like this.)

That string should not have gotten past YaBB's internal form input sanitizing - therefore it came from somewhere else.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,399
Location: Earth

YaBB 2.6.1
Re: Error Log Corrputed
Reply #28 - Nov 10th, 2012 at 9:47pm
Post Tools
I made a long reply and YaBB seems to have eaten it - I did some testing of that string on one of my boards -both the Registration form and the Login form threw it out for having bad characters in the string - and those were the errors in the error log - the whole string didn't show up at all - it couldn't get past the built-in cleaning and length limitations. Therefore, these are not coming in through your domain's forms.

My conclusion: someone is spoofing the registration and/or login forms.

The supposed way to deal with that is to make sure you have Referrer Security turned on. (Admin Center -> Security Settings.)

Then make sure in Referrer Settings you have the login and register boxes unchecked.

I keep saying I don't see these in my error log - but I always keep referrer security turned on. I do occasionally see form spoofing attempts.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
malmklang2
Jr. Developer
Language Team
***
Offline



Posts: 257
Location: Norway

None
Re: Error Log Corrputed
Reply #29 - Nov 10th, 2012 at 10:08pm
Post Tools
Yes, I found the lenght checks. Goes to show, don't try to offer support until you know the system you are offering support on Tongue
That was a note to myself more than anything Smiley
  

if ($human) {die("Sorry, you lot have destroyed too much already")}
Back to top
IP Logged
 
Page Index Toggle Pages: 1 [2] 3 
Topic Tools
 
  « Board Index ‹ Board  ^Top